-
Uniform Cyclic Group Factorizations of Finite Groups
Authors:
Kazuki Kanai,
Kengo Miyamoto,
Koji Nuida,
Kazumasa Shinagawa
Abstract:
In this paper, we introduce a kind of decomposition of a finite group called a uniform group factorization, as a generalization of exact factorizations of a finite group. A group $G$ is said to admit a uniform group factorization if there exist subgroups $H_1, H_2, \ldots, H_k$ such that $G = H_1 H_2 \cdots H_k$ and the number of ways to represent any element $g \in G$ as $g = h_1 h_2 \cdots h_k$ ($h_i \in H_i$) does not depend on the choice of $g$. Moreover, a uniform group factorization consisting of cyclic subgroups is called a uniform cyclic group factorization. First, we show that any finite solvable group admits a uniform cyclic group factorization. Second, we show that whether all finite groups admit uniform cyclic group factorizations or not is equivalent to whether all finite simple groups admit uniform group factorizations or not. Lastly, we give some concrete examples of such factorizations.
Submitted 15 November, 2023; v1 submitted 6 February, 2023;
originally announced February 2023.
-
Private Simultaneous Messages Based on Quadratic Residues
Authors:
Kazumasa Shinagawa,
Reo Eriguchi,
Shohei Satake,
Koji Nuida
Abstract:
The Private Simultaneous Messages (PSM) model is a minimal model for secure multiparty computation. Feige, Kilian, and Naor (STOC 1994) and Ishai (Cryptology and Information Security Series 2013) constructed PSM protocols based on quadratic residues. In this paper, we define QR-PSM protocols as a generalization of these protocols. A QR-PSM protocol is a PSM protocol whose decoding function outputs the quadratic residuosity of a value computed from the messages. We design a QR-PSM protocol for any symmetric function $f: \{0,1\}^n \rightarrow \{0,1\}$ with communication complexity $O(n^2)$. As far as we know, it is the most efficient PSM protocol, since the previously known best PSM protocol had complexity $O(n^2\log n)$ (Beimel et al., CRYPTO 2014). We also study the sizes of the underlying finite fields $\mathbb{F}_p$ in the protocols, since the communication complexity of a QR-PSM protocol is proportional to the bit length of the prime $p$. In particular, we show that the $N$-th Peralta prime $P_N$, which is used for general QR-PSM protocols, can be taken as at most $(1+o(1))N^2 2^{2N-2}$, which improves Peralta's known result (Mathematics of Computation 1992) by a constant factor $(1+\sqrt{2})^2$.
Submitted 13 September, 2022; v1 submitted 5 September, 2022;
originally announced September 2022.
-
On Compression Functions over Small Groups with Applications to Cryptography
Authors:
Koji Nuida
Abstract:
In the area of cryptography, fully homomorphic encryption (FHE) enables any entity to perform arbitrary computation on encrypted data without decrypting the ciphertexts. An ongoing group-theoretic approach to constructing FHE schemes uses a certain "compression" function $F(x)$ implemented by group operations on a given finite group $G$ (i.e., it is given by a sequence of elements of $G$ and the variable $x$), which satisfies $F(1) = 1$ and $F(\sigma) = F(\sigma^2) = \sigma$, where $\sigma \in G$ is some element of order three. The previous work gave an example of such an $F$ over $G = S_5$ by a purely heuristic approach. In this paper, we systematically study the possibilities for such $F$. We construct a shortest possible $F$ over the smaller group $G = A_5$, and prove that no such $F$ exists over any other group $G$ of order up to $60 = |A_5|$.
Submitted 4 August, 2022;
originally announced August 2022.
-
An Improvement of a Key Exchange Protocol Relying on Polynomial Maps
Authors:
Keita Suzuki,
Koji Nuida
Abstract:
Akiyama et al. (Int. J. Math. Indust., 2019) proposed a post-quantum key exchange protocol that is based on the hardness of solving a system of multivariate non-linear polynomial equations but has a design strategy different from ordinary multivariate cryptography. Their protocol has two versions, an original one and a modified one, where the modified one has a trade-off: its security is strengthened, but it has a non-zero error probability in establishing a common key. In fact, the evaluation in their paper suggests that the probability of failing to establish a common key with the modified protocol and the proposed parameter set is impractically high. In this paper, we significantly improve the success probability of Akiyama et al.'s modified key exchange protocol while keeping its security, by restricting each component of the correct common key from the whole coefficient field to a small subset of it. We give theoretical and experimental evaluations showing that our proposed parameter set for our protocol is expected to achieve both a failure probability of $2^{-120}$ and a $128$-bit security level.
Submitted 19 May, 2022; v1 submitted 13 July, 2021;
originally announced July 2021.
-
Halt Properties and Complexity Evaluations for Optimal DeepLLL Algorithm Families
Authors:
Takuto Odagawa,
Koji Nuida
Abstract:
The DeepLLL algorithm (Schnorr, 1994) is a famous variant of the LLL lattice basis reduction algorithm, and the PotLLL algorithm (Fontein et al., 2014) and the $S^2$LLL algorithm (Yasuda and Yamaguchi, 2019) are recent polynomial-time variants of DeepLLL developed from cryptographic applications. However, the known polynomial bounds on computational complexity are shown only for the parameter $\delta < 1$; for the "optimal" parameter $\delta = 1$, which ensures the best output quality, no polynomial bounds are known, and except for the LLL algorithm, it is not even formally proved that the algorithm always halts within finitely many steps. In this paper, we prove that these four algorithms always halt also with the optimal parameter $\delta = 1$, and furthermore give explicit upper bounds on the number of loops executed during the algorithms. Unlike the known bound (Akhavi, 2003), which applies to the LLL algorithm only, our upper bounds are deduced in a unified way for all four algorithms.
Submitted 31 May, 2021; v1 submitted 31 May, 2021;
originally announced May 2021.
-
An Elementary Linear-Algebraic Proof without Computer-Aided Arguments for the Group Law on Elliptic Curves
Authors:
Koji Nuida
Abstract:
The group structure on the rational points of elliptic curves plays several important roles, in mathematics and recently also in other areas such as cryptography. However, the well-known proofs of the group property (in particular, of the associative law) require somewhat advanced mathematics and are therefore not easily accessible to non-mathematicians. On the other hand, there have been attempts in the literature to give an elementary proof, but those rely on computer-aided calculation for some part of their proofs. In this paper, we give a self-contained proof of the associative law for this operation, assuming mathematical knowledge only at the level of basic linear algebra and not requiring computer-aided arguments.
Submitted 24 May, 2021; v1 submitted 13 August, 2020;
originally announced August 2020.
-
Communication-Efficient (Client-Aided) Secure Two-Party Protocols and Its Application
Authors:
Satsuya Ohata,
Koji Nuida
Abstract:
Secure multi-party computation (MPC) allows a set of parties to compute a function jointly while keeping their inputs private. Compared with MPC based on garbled circuits, some recent research results show that MPC based on secret sharing (SS) works at a very high speed. Moreover, SS-based MPC can be easily vectorized to achieve higher throughput. In SS-based MPC, however, many communication rounds are needed to compute concrete protocols such as equality check, less-than comparison, etc. This property is not suited to high-latency environments like the Internet (or a WAN). In this paper, we construct semi-honest secure, communication-efficient two-party protocols. The core technique is Beaver triple extension, a new tool for treating multi-fan-in gates, and we also show how to use it efficiently. We mainly focus on reducing the number of communication rounds, and our protocols also succeed in reducing the number of communication bits (in most cases). As an example, we propose a less-than comparison protocol (under practical parameters) with three communication rounds. Moreover, the number of communication bits is also $38.4\%$ fewer. As a result, the total online execution time is $56.1\%$ shorter than the previous work under the same settings. Although the computation costs of our protocols are higher than those of previous work, we confirm via experiments that this disadvantage has a small effect on the overall online performance in typical WAN environments.
Submitted 4 January, 2020; v1 submitted 8 July, 2019;
originally announced July 2019.
-
Secure Grouping Protocol Using a Deck of Cards
Authors:
Yuji Hashimoto,
Kazumasa Shinagawa,
Koji Nuida,
Masaki Inamura,
Goichiro Hanaoka
Abstract:
We consider a problem, which we call secure grouping, of dividing a number of parties into some subsets (groups) in the following manner: each party has to know the other members of his/her group, while he/she may not learn anything about how the remaining parties are divided (except for certain public predetermined constraints, such as the number of parties in each group). In this paper, we construct an information-theoretically secure protocol using a deck of physical cards to solve the problem, which is jointly executable by the parties themselves without a trusted third party. Despite the non-triviality and the potential usefulness of secure grouping, our proposed protocol is fairly simple to describe and execute. Our protocol is based on algebraic properties of conjugate permutations. A key ingredient of our protocol is our new techniques for applying multiplication and inverse operations to hidden permutations (i.e., those encoded using face-down cards), which would be of independent interest and would have various potential applications.
Submitted 22 September, 2017;
originally announced September 2017.
-
Polynomial Expressions of Carries in p-ary Arithmetics
Authors:
Shizuo Kaji,
Toshiaki Maeno,
Koji Nuida,
Yasuhide Numata
Abstract:
It is known that any $n$-variable function on a finite prime field of characteristic $p$ can be expressed as a polynomial over the same field with at most $p^n$ monomials. However, it is not obvious how to determine the polynomial for a given concrete function. In this paper, we study the concrete polynomial expressions of the carries in addition and multiplication of $p$-ary integers. For the case of addition, our result gives a new family of symmetric polynomials, which generalizes the known result for the binary case $p = 2$, where the carries are given by elementary symmetric polynomials. On the other hand, for the case of multiplication of $n$ single-digit integers, we give a simple formula for the polynomial expression of the carry to the next digit using the Bernoulli numbers, and show that it has only $(n+1)(p-1)/2 + 1$ monomials, which is significantly fewer than the worst-case number $p^n$ of monomials for general functions. We also discuss applications of our results to cryptographic computation on encrypted data.
Submitted 18 February, 2016; v1 submitted 8 June, 2015;
originally announced June 2015.
-
A mathematical problem for security analysis of hash functions and pseudorandom generators
Authors:
Koji Nuida,
Takuro Abe,
Shizuo Kaji,
Toshiaki Maeno,
Yasuhide Numata
Abstract:
In this paper, we specify a class of mathematical problems, which we refer to as "Function Density Problems" (FDPs, in short), and point out novel connections of FDPs to the following two cryptographic topics: theoretical security evaluations of keyless hash functions (such as SHA-1), and constructions of provably secure pseudorandom generators (PRGs) with an enhanced security property introduced by Dubrov and Ishai [STOC 2006]. Our argument aims at proposing new theoretical frameworks for these topics (especially for the former) based on FDPs, rather than providing concrete and practical results on the topics. We also give some examples of mathematical discussions on FDPs, which would be of independent interest from a mathematical viewpoint. Finally, we discuss possible directions of future research on other cryptographic applications of FDPs and on mathematical studies of FDPs themselves.
Submitted 28 August, 2014; v1 submitted 31 May, 2012;
originally announced June 2012.
-
Short collusion-secure fingerprint codes against three pirates
Authors:
Koji Nuida
Abstract:
In this article, we propose a new construction of probabilistic collusion-secure fingerprint codes against up to three pirates and give a theoretical security evaluation. Our pirate tracing algorithm combines a scoring method analogous to Tardos codes (J. ACM, 2008) with an extension of the parent search techniques of some preceding 2-secure codes. Numerical examples show that our code lengths are significantly shorter than (about 30% to 40% of) those of the shortest known c-secure codes by Nuida et al. (Des. Codes Cryptogr., 2009) with c = 3. A preliminary proposal for improving the efficiency of our tracing algorithm is also given.
Submitted 15 December, 2010;
originally announced December 2010.
-
Pattern occurrence in the dyadic expansion of square root of two and an analysis of pseudorandom number generators
Authors:
Koji Nuida
Abstract:
Recently, designs of pseudorandom number generators (PRNGs) using integer-valued variants of logistic maps, and their applications to some cryptographic schemes, have been studied, due mostly to their ease of implementation and performance. However, it has been noted that this ease is reduced for some choices of the PRNGs' accuracy parameters. In this article, we show that the distribution of such undesirable accuracy parameters is closely related to the occurrence of certain patterns in the dyadic expansion of the square root of 2. We prove that for an arbitrary infinite binary word, the asymptotic occurrence rate of these patterns is bounded in terms of the asymptotic occurrence rate of zeroes. We also present examples of infinite binary words that tightly achieve the bounds. As a consequence, a classical conjecture on the asymptotic evenness of the occurrence of zeroes and ones in the dyadic expansion of the square root of 2 implies that the asymptotic rate of undesirable accuracy parameters for these PRNGs is at least 1/6.
Submitted 18 September, 2009;
originally announced September 2009.
-
Optimization of Memory Usage in Tardos's Fingerprinting Codes
Authors:
Koji Nuida,
Manabu Hagiwara,
Hajime Watanabe,
Hideki Imai
Abstract:
It is known that Tardos's collusion-secure probabilistic fingerprinting code (Tardos code; STOC'03) has a length of theoretically minimal order with respect to the number of colluding users. However, the Tardos code uses a certain continuous probability distribution in codeword generation, which creates some problems for practical use; in particular, it requires a large amount of extra memory. A solution proposed so far is to use a finite probability distribution instead. In this paper, we determine the optimal finite distribution for minimizing the amount of extra memory. By our result, the extra memory is reduced to 1/32 of the original, or even becomes unnecessary, in some practical settings. Moreover, the code length is also reduced, e.g. to about 20.6% of the Tardos code asymptotically. Finally, we address some other practical issues, such as the approximation errors that are inevitable in any real implementation.
Submitted 15 January, 2008; v1 submitted 6 October, 2006;
originally announced October 2006.